Most of the discussion concerning the Liberty Alliance, the global consortium whose mission is "to establish an open standard for federated network identity through open technical specifications," has been about single sign-on.
Critics of the alliance, which was formed in September 2001, have said that because consumer banking customers don't seem to be clamoring for single sign-on - the practice of enabling users to be authenticated within one domain and have their identity recognized by other domains or Web sites without having to maintain combinations of user names and passwords - the group will run into trouble.
That is not the case. The fact is that the Liberty Alliance, with 150 member companies and headquarters in San Francisco, represents much more than front-end single-sign-on capabilities. Its specifications support a range of business-to-business and back-end efficiencies, and its early adopters are reaping benefits.
How It Works
The Liberty Alliance has designed specifications that allow a bank or other organization to set up what the group calls a circle of trust among points of electronic contact, including Web sites and intranets. In this model a consumer or business inputs a password once and credentials are shared among members of the circle of trust. This way the consumer or business can move about the trusted sites freely and there is no need to key in passwords and personal identification numbers over and over.A number of financial services organizations, ignoring the consortium's detractors, are capitalizing on what they sense is a pent-up consumer and business demand for single sign-on. Implementing the group's specifications is allowing them to provide better service, retain customers more, and solve the interoperability problems associated with deploying full-scale Web services.
American Express Co., a Liberty Alliance founder, is already using its specifications to connect its intranet, Internet, and extranet sites. Wells Fargo & Co. has been testing the group's tools in online banking.
Goldman, Sachs & Co. and J.P. Morgan Chase & Co. are part of an eight-member consortium that must provide institutional customers with fast assess to investment research from multiple sites. The eight are using the Liberty Alliance specifications to make this happen and to improve interoperability among partners across multiple platforms and devices.
The Bond Market Association is deploying a similar service to its members.
Other Benefits
Behind the scenes the Liberty Alliance specifications also simplify authentication and let banks leverage their technological resources. To date, secure and real-time authentication has been a huge headache because most authentication data are spread out across multiple databases.For example, human resources might be able to verify an individual's employment, but operations may have the information on that individual's purchasing limits for online transactions. In addition, most large organizations have relied on public key infrastructure or third-party certificate authorities. The problem here is that PKI is often expensive, and very often the information residing in central databases may be stale.
The Liberty Alliance, on the other hand, relies on SAML (secure assertion markup language), which eliminates the need for third-party authentication services.
SAML uses assertions or facts about a user that are often spread across different databases; with extensible markup language-mapping techniques, SAML identifies the assertions and uses them to create a real-time authentication profile. This means that the authentication information is current, because the data come from the source rather than a synchronized version.
The alliance also lets banks manage risk better by balancing and sharing authentication responsibilities among trading partners. For example, let's say a customer wants to exchange funds between his bank and one or more investment service companies; the Alliance could secure this activity.
Liberty circles of trust also enable just-in-time shipping and more efficient inventory monitoring among trading partners. Banks could use this capability to improve delivery of marketing and support materials as well as documents such as checks.
Whether deployed internally or externally, circles of trust offer major operational benefits - they are communications mechanisms that shorten cycle time and strengthen security. Banks that move to this model will raise performance standards and be ready to take advantage of the next generation of trusted electronic commerce.
